Published on: 20 January 2020
Microsoft has published a security advisory (ADV200001) to mitigate a remote code execution vulnerability in the JScript.dll component of Microsoft Internet Explorer. An attacker could entice a user to visit a malicious web page with specially crafted content to exploit the vulnerability.
Reports indicate that active exploitation of the remote code execution vulnerability in Microsoft Internet Explorer (CVE-2020-0674) has been observed. As Microsoft is still working on the fix, users are advised not to use Internet Explorer for Internet browsing until relevant patches are available to address the vulnerability.
Please note that support for Internet Explorer 10 will cease on 31 January 2020 and no security updates will be provided after that date. Users should arrange to upgrade Internet Explorer to version 11 or migrate to another supported technology.
Successful exploitation of the vulnerability could lead to remote code execution on an affected system.
Patches for the affected products are not yet available. To mitigate the risk of being compromised by the vulnerability, users should implement the following mitigation measures:
(a) Temporarily suspend the use of Microsoft Internet Explorer
Users of the affected systems are advised not to use Microsoft Internet Explorer for Internet browsing, and to change the default browser to one other than Internet Explorer until relevant patches are available.
(b) Grant no administrative privileges to users while browsing the Internet
System administrators are advised to grant administrative privileges to users only on an as-needed basis. To limit the impact of successful exploitation, users should avoid browsing the Internet with accounts that have administrative privileges.
(c) Apply the workaround provided by Microsoft
Microsoft has provided a workaround to restrict access to JScript.dll. As implementing the workaround might result in reduced functionality for components or features that rely on JScript.dll, system administrators should properly assess the impact before adopting the workaround. Detailed steps to implement the workaround can be found at the following URL:
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV200001
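One way to audit whether the restriction in (c) is in place on a host, as an added example that is not part of the original advisory and is not Microsoft's own code. It assumes the workaround appears as a Deny access entry for the Everyone group (SID S-1-1-0) on the jscript.dll copies under System32 and SysWOW64; confirm the exact steps against ADV200001. The function name Test-JScriptRestricted is hypothetical.

```powershell
# Added example: report whether access to jscript.dll is restricted.
# Assumption: the workaround shows up as a Deny ACE for Everyone (S-1-1-0)
# that covers at least ReadAndExecute. Run from a 64-bit PowerShell session
# on 64-bit Windows so that System32 is not redirected to SysWOW64.
function Test-JScriptRestricted {
    [CmdletBinding()]
    param(
        # 64-bit Windows has both copies; 32-bit Windows has only System32.
        [string[]]$Path = @(
            (Join-Path $env:windir 'System32\jscript.dll'),
            (Join-Path $env:windir 'SysWOW64\jscript.dll')
        )
    )

    $needed = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute

    foreach ($file in $Path) {
        if (-not (Test-Path -LiteralPath $file)) {
            # Missing file (for example SysWOW64 on 32-bit Windows).
            [pscustomobject]@{ Path = $file; Present = $false; Restricted = $null; Owner = $null }
            continue
        }

        $acl = Get-Acl -LiteralPath $file
        # Resolve identities to SIDs so the check does not depend on the
        # localized name of the Everyone group.
        $rules = $acl.GetAccessRules($true, $true,
            [System.Security.Principal.SecurityIdentifier])

        $deny = $rules | Where-Object {
            $_.AccessControlType -eq 'Deny' -and
            $_.IdentityReference.Value -eq 'S-1-1-0' -and
            ($_.FileSystemRights -band $needed) -eq $needed
        }

        [pscustomobject]@{
            Path       = $file
            Present    = $true
            Restricted = [bool]$deny
            Owner      = $acl.Owner   # shown for reference when reverting later
        }
    }
}

Test-JScriptRestricted | Format-Table -AutoSize
```

A host where `Restricted` is `False` for a present file has not had the restriction applied to that copy; the same check is useful after patching to find hosts where the restriction still needs to be reverted.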
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200001
https://support.microsoft.com/en-us/help/4488955/support-ending-for-internet-explorer-10
https://www.hkcert.org/my_url/en/alert/20011901
https://www.us-cert.gov/ncas/current-activity/2020/01/17/microsoft-releases-security-advisory-internet-explorer
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0674